General
- Target: a08fedd1af1461cd057783b833b75c1a_JaffaCakes118
- Size: 1.0MB
- Sample: 241126-h6yxhs1jdy
- MD5: a08fedd1af1461cd057783b833b75c1a
- SHA1: 0422a45292fde8398a5a3f3f1a228b2d882075b5
- SHA256: 49b45085d73438a8a1c6ea4c6a5e3af5f391d65948fe5560458119f95cf28921
- SHA512: 07cc0e7ec0eeab10fcb3fa2e58231c366c0a999bfb2df0968253d5461e155d603a8224cb37e9a0dfc0a1e75c24a4cb86d25d0a06efdf23514744f6f9c511efdd
- SSDEEP: 24576:qSLX3jL0oSml1h4rZwFamT0Mr+GoJDgsKFlb9z9:REoNsIamT0bGcgvxx
Static task: static1
Behavioral task: behavioral1
- Sample: a08fedd1af1461cd057783b833b75c1a_JaffaCakes118.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: redline
- tony1008
- 193.188.22.4:45689
Targets
- Target: a08fedd1af1461cd057783b833b75c1a_JaffaCakes118
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext